CVE-2007-5658

Sažetak

Heap-based buffer overflow in TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing size and copy-length values that trigger the overflow.

Reference

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=638
http://secunia.com/advisories/28490
http://securitytracker.com/id?1019193
http://www.securityfocus.com/bid/27294
http://www.tibco.com/mk/advisory.jsp
http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt
http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt
http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt
http://www.vupen.com/english/advisories/2008/0173
https://exchange.xforce.ibmcloud.com/vulnerabilities/39703

CVSS

Base:	10.0
Impact:	10.0
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

29-07-2017 - 01:33

Objavljeno

16-01-2008 - 03:00